04step · module overview

You finished Lab 03. Here's what stuck.

A short recap of the moves you used to follow a hidden trail of DNS notes — keep them close. The next lab trades looking-around for breaking-in, and uses the same "one step leads to the next" mindset against a website's login form.

Module complete · dns-http

You asked the first question, unscrambled the answer, followed each signpost, stepped around the fake note, and pulled the last note off the trail — and that was the flag. DNS isn't just a phonebook to you anymore; it's a quiet little notebook you now know how to read.

XP earned+150xp

DifficultyBeginner

Time spent~20min

TrackML

≡ Recap · the five moves keep close

01 DNS is the internet's phonebook — and everyone trusts it. It does more than turn names into addresses. You can pin a little text note to any name, holding almost any text you like — and hardly anyone ever checks what's written there.
02 That gibberish is just scrambled text. An ending of == and a jumble of letters and numbers are the giveaway — it's a wrapper called base64. One base64 -d unscrambles it into the next name to look up.
03 Each signpost points to the next one. Every note names the next place to look. You unscramble, you ask, you unscramble, you ask — a simple repeating game where all you have to remember is the last name you were sent to.
04 Every step has its own little trap. A second note on the same name unscrambles to ignore_this. Only the note that starts with next= is the real signpost — trust the label, not the number of notes.
05 The last note is just the flag. The final step has no next= signpost. The whole note is the prize itself — the flag, the proof you reached the end of the trail.

Next module

Lab 04 · SQL Injection

Trick a login form into letting you in by typing text that quietly rewrites the question it asks its database. Same "one step leads to the next" mindset, a brand-new target — this is where apps blindly trust whatever you type.

start · lab 04 →